Case Studies
Leakage of confidential information to former colleague
One day at dinner time, an inspector of a government department was chatting with a former colleague who owned a consultancy company. During the meeting, the inspector mentioned that he had been in financial difficulties recently. The owner of the consultancy company took the chance to lend a helping hand to the inspector by offering him a loan of substantial amount. At the same time, the owner of the consultancy company requested the inspector to copy to him from the database of the departmental computer and saved them into his personal USB. Those records concerned the business organizations that had failed to comply with the regulations enforced by his department. In return for the help from his former colleague, the inspector obtained over 100 records and sent them to the owner of the consultancy company. The owner of the consultancy company used the records as a sales lead, approaching those business organisations on the list and touting his consultancy services to them. Some of the business organisations received sales calls from the consultancy company almost as soon as they had received warning notices from the government. They suspected corruption and reported the matter to the ICAC.
Case Analysis
According to the Prevention of Bribery Ordinance (POBO) S.4(1), it is an offence for the owner of the consultancy company to offer advantages (i.e. a loan) to induce a public servant (i.e. the inspector of the government department) to abuse his official capacity by leaking confidential information. The inspector also violated POBO S.4(2) for accepting bribes in his capacity as a public servant.
Although the department may allow staff to copy information from the computer system into removable storage media for operational need, such arrangement opens up opportunities for information to be leaked. The use of these media and mobile devices should be properly managed in workplace. Guidelines alone cannot foster a culture of compliance. Corruption results from inadequately implemented controls and staff misconduct. This case demonstrates that rules are of limited use if no checks are carried out for compliance. Therefore, managers should always keep a careful eye on subordinates and remind staff to handle conflicts of interest properly. Misuse of personal data may be a breach of the Personal Data (Privacy) Ordinance and can expose the company to damaging lawsuits. Coaching staff is essential for preventing problems.